// Private implementation behind GAuth::SaslServerPam (held there as m_imp):
// runs one SASL exchange and hands the client's credentials to PAM.
31 class SaslServerPamImp ;
37class GAuth::SaslServerPamImp
// with_apop: controls whether "APOP" is offered in addition to "PLAIN".
40 explicit SaslServerPamImp(
bool with_apop ) ;
41 virtual ~SaslServerPamImp() ;
// Name of the mechanism selected for the current exchange.
43 std::string mechanism()
const ;
// Selects a mechanism. The first bool is unnamed in the definition as well,
// so this class cannot take it into account.
45 bool init(
bool ,
const std::string & mechanism ) ;
// Consumes the client's response and sets 'done'. The parameter is named
// 'pwd' here but 'response' in the definition; it carries the whole SASL
// response, not only the password.
46 std::string apply(
const std::string & pwd ,
bool & done ) ;
// Identity of the PAM session; empty while no PamImp object exists.
47 std::string id()
const ;
48 bool authenticated()
const ;
// Non-copyable and non-movable.
51 SaslServerPamImp(
const SaslServerPamImp & ) = delete ;
52 SaslServerPamImp( SaslServerPamImp && ) = delete ;
53 SaslServerPamImp & operator=(
const SaslServerPamImp & ) = delete ;
54 SaslServerPamImp & operator=( SaslServerPamImp && ) = delete ;
// PAM session for the current attempt, created by apply(). id() reports this
// object's id whenever the pointer is set, and SaslServerPam::authenticated()
// is derived from that id being non-empty.
57 std::unique_ptr<PamImp> m_pam ;
59 std::string m_mechanism ;
// Concrete G::Pam used for SASL password checks: it overrides the two PAM
// callbacks (converse and delay) declared pure virtual in the base class.
67class GAuth::PamImp :
public G::Pam
// NOTE(review): as rendered this alias names itself; presumably it aliases
// the base class's ItemArray -- confirm against the original source file.
70 using ItemArray = GAuth::PamImp::ItemArray ;
// Raised when the PAM module never asks for a password.
71 G_EXCEPTION_CLASS( NoPrompt ,
tx(
"no password prompt received from pam module") )
// app: application name handed to the base class (presumably the PAM service
// name -- confirm); id: the user to authenticate.
73 PamImp( const
std::
string & app , const
std::
string &
id ) ;
// Runs the authentication with the given cleartext password.
76 void apply( const
std::
string & ) ;
77 std::
string id() const ;
// G::Pam callback: "Called to pass a message to the user, or request a
// password etc."
80 void converse( ItemArray & ) override ;
// G::Pam callback: "Called when the pam library wants the application to
// introduce a delay to prevent brute-force attacks".
// NOTE(review): the body is not shown in this listing; confirm the override
// honours the requested delay, since an empty implementation would remove
// PAM's throttling of failed logins.
81 void delay(
unsigned int usec ) override ;
// Non-copyable and non-movable.
84 PamImp( const PamImp & ) = delete ;
85 PamImp( PamImp && ) = delete ;
86 PamImp & operator=( const PamImp & ) = delete ;
87 PamImp & operator=( PamImp && ) = delete ;
// Constructs the PAM wrapper for application 'app' and user 'id'.
// The initialiser list that follows the ':' is not shown in this listing.
95GAuth::PamImp::PamImp( const
std::
string & app , const
std::
string &
id ) :
// Debug trace of both arguments. 'id' is taken from the client's SASL
// response (see SaslServerPamImp::apply), so it reaches the log as untrusted
// text. NOTE(review): confirm the logging layer escapes control characters.
100 G_DEBUG(
"GAuth::PamImp::ctor: [" << app <<
"] [" <<
id <<
"]" ) ;
103GAuth::PamImp::~PamImp()
// Returns the identity of this PAM session (body not shown in this listing).
106std::string GAuth::PamImp::id()
const
// The loop below appears to belong to converse(), whose signature line is
// missing from this listing. For every conversation item that asks for a
// password, the reply is marked as supplied.
// NOTE(review): the line that copies the password into the item is not
// visible here. NoPrompt is presumably thrown when no item has in_type
// "password" -- confirm, because otherwise a module that never prompts
// could be mistaken for a successful check.
114 for(
auto & item : items )
116 if( item.in_type ==
"password" )
119 item.out_defined = true ;
// Hands the cleartext password to PAM for this session (body not shown).
// NOTE(review): 'pwd' and any member copy of it are plain std::string
// objects; nothing visible here wipes them after use.
129void GAuth::PamImp::apply(
const std::string & pwd )
// Builds the list of offered mechanisms. "PLAIN" is always present; "APOP"
// is presumably added only when with_apop is true (the condition line is
// not shown in this listing).
145GAuth::SaslServerPamImp::SaslServerPamImp(
bool with_apop )
147 m_mechanisms.emplace_back(
"PLAIN" ) ;
149 m_mechanisms.emplace_back(
"APOP" ) ;
152GAuth::SaslServerPamImp::~SaslServerPamImp()
// Body of the mechanisms() accessor (signature line not shown): returns the
// offered mechanism list.
157 return m_mechanisms ;
// Returns the selected mechanism name (body not shown).
160std::string GAuth::SaslServerPamImp::mechanism()
const
// Forgets the selected mechanism.
// NOTE(review): only the m_mechanism line is visible; confirm that m_pam is
// also dropped here, because id() keeps reporting the previous identity for
// as long as m_pam is set.
165void GAuth::SaslServerPamImp::reset()
167 m_mechanism.clear() ;
// Selects the mechanism for the exchange and reports whether it is one of
// the offered ones. The first parameter is unnamed and therefore unused.
// NOTE(review): the lookup uses m_mechanism, so the parameter is presumably
// stored into it on a line missing from this listing -- confirm (including
// any case normalisation) so that a stale value is never the one checked.
171bool GAuth::SaslServerPamImp::init(
bool ,
const std::string & mechanism )
174 return std::find( m_mechanisms.begin() , m_mechanisms.end() , m_mechanism ) != m_mechanisms.end() ;
// Identity of the current PAM session, or an empty string when no PamImp
// object exists. SaslServerPam::authenticated() is true exactly when this
// is non-empty.
177std::string GAuth::SaslServerPamImp::id()
const
179 return m_pam ? m_pam->id() : std::string() ;
// Parses the client's response as NUL-separated fields and checks the
// resulting id and password through PAM.
// NOTE(review): the visible lines parse the response the same way whatever
// m_mechanism holds; confirm how an "APOP" selection is handled.
182std::string GAuth::SaslServerPamImp::apply(
const std::string & response ,
bool & done )
// Single NUL byte used as the field separator.
185 std::string sep( 1U ,
'\0' ) ;
// Drop everything up to the first NUL; that first field is never used.
// find() returns npos when the separator is absent; the empty third argument
// is the helpers' 'default_' value (presumably returned in that case --
// confirm, so that a malformed response yields empty fields).
186 std::string s =
G::Str::tail( response , response.find(sep) , std::string() ) ;
// Second field: the identity passed to PAM.
187 std::string
id =
G::Str::head( s , s.find(sep) , std::string() ) ;
// Third field: the cleartext password. It is held in an ordinary std::string
// and nothing visible here wipes it after use.
188 std::string pwd =
G::Str::tail( s , s.find(sep) , std::string() ) ;
// A fresh PamImp per attempt, replacing any earlier one. "emailrelay" is the
// 'app' argument (presumably the PAM service name -- confirm).
190 m_pam = std::make_unique<PamImp>(
"emailrelay" ,
id ) ;
194 m_pam->apply( pwd ) ;
// Failures are logged with the exception text only; the password is not
// written to the log. The catch clause for the first warning is not shown.
// NOTE(review): m_pam was assigned before the check ran, and id() reports
// m_pam->id() whenever m_pam is set. Confirm that each failure path clears
// m_pam (or otherwise leaves id() empty), since
// SaslServerPam::authenticated() relies on that.
198 G_WARNING(
"GAuth::SaslServer::apply: " << e.what() ) ;
201 catch( PamImp::NoPrompt & e )
203 G_WARNING(
"GAuth::SaslServer::apply: pam error: " << e.what() ) ;
// Public GAuth::SaslServerPam methods. The class owns a SaslServerPamImp and
// most of the visible bodies forward to it; several bodies are not shown in
// this listing.
// Constructor initialiser: create the implementation object.
214 m_imp(
std::make_unique<SaslServerPamImp>(with_apop))
218GAuth::SaslServerPam::~SaslServerPam()
// Body of mechanisms() (signature line not shown).
223 return m_imp->mechanisms() ;
226std::string GAuth::SaslServerPam::mechanism()
const
228 return m_imp->mechanism() ;
// The bool parameter is unnamed, so the result cannot depend on it.
231std::string GAuth::SaslServerPam::preferredMechanism(
bool )
const
// Both parameters are unnamed, so the result cannot depend on them.
// NOTE(review): body not shown; confirm it never reports a peer as trusted,
// since that would bypass the PAM check.
236bool GAuth::SaslServerPam::trusted(
const G::StringArray & ,
const std::string & )
const
241bool GAuth::SaslServerPam::mustChallenge()
const
246void GAuth::SaslServerPam::reset()
// Forwards both arguments; the implementation's 'secure' parameter is
// unnamed, so the flag has no effect there.
251bool GAuth::SaslServerPam::init(
bool secure ,
const std::string & mechanism )
253 return m_imp->init( secure , mechanism ) ;
256std::string GAuth::SaslServerPam::initialChallenge()
const
261std::string GAuth::SaslServerPam::apply(
const std::string & response ,
bool & done )
263 return m_imp->apply( response , done ) ;
// Authenticated means the implementation reports a non-empty id, so this is
// only as reliable as the clearing of that id after a failed attempt.
266bool GAuth::SaslServerPam::authenticated()
const
268 return !m_imp->id().empty() ;
271std::string GAuth::SaslServerPam::id()
const
SaslServerPam(bool with_apop)
Constructor.
An exception class for G::Pam.
A thin interface to the system PAM library, with two pure virtual methods that derived classes should...
bool authenticate(bool require_token)
Authenticates the user.
virtual void delay(unsigned int usec)=0
Called when the pam library wants the application to introduce a delay to prevent brute-force attacks...
virtual void converse(ItemArray &)=0
Called to pass a message to the user, or request a password etc.
static std::string upper(std::string_view)
Returns a copy of 's' in which all seven-bit lower-case characters have been replaced by upper-case c...
static std::string tail(std::string_view in, std::size_t pos, std::string_view default_={})
Returns the last part of the string after the given position.
static std::string head(std::string_view in, std::size_t pos, std::string_view default_={})
Returns the first part of the string up to just before the given position.
SASL authentication classes.
std::vector< std::string > StringArray
A std::vector of std::strings.
constexpr const char * tx(const char *p) noexcept
A briefer alternative to G::gettext_noop().